Brussels /2 & 3 February 2019

Keysigning

The annual keysigning event at FOSDEM 2019 is one of the
largest of its kind. With more than one hundred participants every year, it
is an excellent opportunity to strengthen the web of trust. We use a
slightly modified version of the
Zimmermann-Sassaman key-signing protocol relying on a key submission
server rather than email to collect keys.

Before the event

Submit your keys

The submission deadline has passed.

If you intend to participate in the PGP keysigning event at
FOSDEM 2019, you must submit the keys you would like to have
signed to the keyserver listening on ksp.fosdem.org. If you
are using GnuPG, this can easily be accomplished with:

gpg --keyserver ksp.fosdem.org --send-key [keyid]

If you have multiple keys, try to (re)submit them together. Since the list is
sorted by (re)submission time, this will group your keys on the list, saving
everyone a lot of browsing forward and backward through the list.

You may want to verify that your submission made it to the keyserver by
checking the list of submitted keys at https://ksp.fosdem.org/.

The deadline for submissions is
Thursday, 24 January 2019.
After this date, the keyserver will no longer accept submissions and the
official keylist will be published.

Download the list of participants

If you are participating in the keysigning event (i.e.: you have submitted
your key to the keyserver), you should download the final list of
participants and follow its instructions closely. Said instructions are at the beginning of the file.

If there is a trust-path between you and the author, you should verify the
list's detached signature using:

gpg --verify ksp-fosdem2019.txt.asc ksp-fosdem2019.txt

Besides the official list, ksp-fosdem2019.txt, we also provide
non-authoritative files that may make your life easier. It is up to you, the
participant, to verify that these files actually contain the same information
than the official list: e.g. for the keyring.gpg file,
you could run the keylist.txt.sh script and verify that
the output similar enough to the official list. Note that different
GnuPG version may output slightly different output. In particular,
GnuPG older than version 2.1 uses
a different key format.

The key signing event itself

The keysigning event takes place on Sunday, at 14:00, in the corridor on the
second level of the U building. There is no fixed end time. Previous
editions last for approximately one hour per 100 keys on the list.
To participate, you should have submitted your keys before the deadline.
Please bring the printed list, a pen
and appropriate form of identification with you to
FOSDEM 2019.
Note that it is not possible to print the list at the conference.

You may find it useful to make a badge stating the number(s) of your key(s)
on this list and the fact that you verified the fingerprints of your own
key(s). Also provide a place to mark that your hashes match. Be on time to
actually verify the hashes as they are announced! e.g.

I am number 001
My key-id & fingerprint: ☑
The hashes: ☐

To avoid descending into chaos, the organiser will line up the participants
in the order of the list.

1 - 2 - 3 - 4 - 5 - 6 - 7 - 8

Next, this line folds onto itself, so everyone is facing another participant.

1 - 2 - 3 - 4
8 - 7 - 6 - 5

After the participants have verified each other's identity, the whole line
moves one step to their right. Participants on the end of the line move to
the opposite line. That way, everyone should be facing the next person on
their list (modulo no-shows).

2 - 3 - 4 - 5
1 - 8 - 7 - 6

2 - 3 - 4 - 5
1 - 8 - 7 - 6

After the event

Please complete your signing homework before
Tuesday, 30 April 2019,
and send your key signatures to the verified key owners,
or upload them to a well-connected keyserver.
You may find caff
a helpful tool.